Remove canEdit and canDelete in favor of policy check

Author: nathanheffley

resources/views/comment.blade.php

@@ -32,7 +32,7 @@ class="text-xs text-gray-300 ml-1"
                 @endif
             </div>
 
-            @if ($comment->isComment() && $comment->canEdit())
+            @if ($comment->isComment() && auth()->user()?->can('update', $comment))
                 <div class="flex gap-x-1">
                     <x-filament::icon-button
                         icon="heroicon-s-pencil-square"
@@ -41,7 +41,7 @@ class="text-xs text-gray-300 ml-1"
                         color="gray"
                     />
 
-                    @if ($comment->canDelete())
+                    @can('delete', $comment)
                         <x-filament::icon-button
                             icon="heroicon-s-trash"
                             wire:click="$dispatch('open-modal', { id: 'delete-comment-modal-{{ $comment->getId() }}' })"
@@ -90,7 +90,7 @@ class="text-xs text-gray-300 ml-1"
         @endif
     </div>
 
-    @if ($comment->isComment() && $comment->canDelete())
+    @if ($comment->isComment() && auth()->user()?->can('delete', $comment))
         <x-filament::modal
             id="delete-comment-modal-{{ $comment->getId() }}"
             wire:model="showDeleteModal"

src/Comment.php

@@ -163,20 +163,6 @@ public function reactions(): HasMany
         return $this->hasMany(CommentReaction::class);
     }
 
-    public function canEdit(): bool
-    {
-        $user = Config::resolveAuthenticatedUser();
-
-        return $user && $user->can('update', $this);
-    }
-
-    public function canDelete(): bool
-    {
-        $user = Config::resolveAuthenticatedUser();
-
-        return $user && $user->can('delete', $this);
-    }
-
     public function toggleReaction(string $reaction): void
     {
         ToggleCommentReaction::run($this, $reaction, Config::resolveAuthenticatedUser());

src/Contracts/RenderableComment.php

@@ -20,9 +20,5 @@ public function getCreatedAt(): \DateTime|\Carbon\Carbon;
 
     public function getUpdatedAt(): \DateTime|\Carbon\Carbon;
 
-    public function canEdit(): bool;
-
-    public function canDelete(): bool;
-
     public function getLabel(): ?string;
 }

src/Livewire/Comment.php

@@ -40,7 +40,7 @@ public function handleReactionToggledEvent(string $reaction, int $commentId): vo
     #[Renderless]
     public function delete()
     {
-        if (! $this->comment->canDelete()) {
+        if (! auth()->user()?->can('delete', $this->comment)) {
             return;
         }
 
@@ -77,7 +77,7 @@ public function clear(): void
 
     public function edit(): void
     {
-        if (! $this->comment->canEdit()) {
+        if (! auth()->user()?->can('update', $this->comment)) {
             return;
         }
 
@@ -89,7 +89,7 @@ public function edit(): void
 
     public function updateComment()
     {
-        if (! $this->comment->canEdit()) {
+        if (! auth()->user()?->can('update', $this->comment)) {
             return;
         }
 

src/RenderableComment.php

@@ -27,19 +27,13 @@ class RenderableComment implements RenderableCommentContract, Wireable
 
     protected DateTime|Carbon $updatedAt;
 
-    protected bool $canEdit;
-
-    protected bool $canDelete;
-
     public function __construct(
         string|int $id,
         ?string $authorName,
         string $body,
         ?string $authorAvatar = null,
         DateTime|Carbon $createdAt = new Carbon(),
         DateTime|Carbon $updatedAt = new Carbon(),
-        bool $canEdit = false,
-        bool $canDelete = false,
         bool $isComment = false,
         ?string $parsedBody = null,
         ?string $label = null,
@@ -52,8 +46,6 @@ public function __construct(
         $this->parsedBody = $parsedBody;
         $this->createdAt = $createdAt;
         $this->updatedAt = $updatedAt;
-        $this->canEdit = $canEdit;
-        $this->canDelete = $canDelete;
         $this->label = $label;
     }
 
@@ -102,16 +94,6 @@ public function getLabel(): ?string
         return $this->label;
     }
 
-    public function canEdit(): bool
-    {
-        return $this->canEdit;
-    }
-
-    public function canDelete(): bool
-    {
-        return $this->canDelete;
-    }
-
     public function toLivewire()
     {
         return [
@@ -123,8 +105,6 @@ public function toLivewire()
             'parsedBody' => $this->parsedBody,
             'createdAt' => $this->createdAt->format('Y-m-d H:i:s'),
             'updatedAt' => $this->updatedAt->format('Y-m-d H:i:s'),
-            'canEdit' => $this->canEdit,
-            'canDelete' => $this->canDelete,
             'label' => $this->label,
         ];
     }
@@ -140,8 +120,6 @@ public static function fromLivewire($value)
             parsedBody: $value['parsedBody'],
             createdAt: new Carbon($value['createdAt']),
             updatedAt: new Carbon($value['updatedAt']),
-            canEdit: $value['canEdit'],
-            canDelete: $value['canDelete'],
             label: $value['label'],
         );
     }

tests/CommentTest.php

@@ -4,7 +4,6 @@
 
 use Illuminate\Support\Facades\Event;
 use Kirschbaum\Commentions\Comment;
-use Kirschbaum\Commentions\Config;
 use Kirschbaum\Commentions\Events\UserWasMentionedEvent;
 use Tests\Models\Post;
 use Tests\Models\User;
@@ -80,65 +79,3 @@
         ->toContain($mentionedUser1)
         ->toContain($mentionedUser2);
 });
-
-test('it allows comment author to edit by default', function () {
-    $author = User::factory()->create();
-    $post = Post::factory()->create();
-    $comment = $post->comment('This is a test comment', $author);
-
-    Config::resolveAuthenticatedUserUsing(fn () => $author);
-
-    expect($comment->canEdit())->toBeTrue();
-});
-
-test('it does not allow non-authors to edit by default', function () {
-    $user = User::factory()->create();
-    $author = User::factory()->create();
-    $post = Post::factory()->create();
-    $comment = $post->comment('This is a test comment', $author);
-
-    Config::resolveAuthenticatedUserUsing(fn () => $user);
-
-    expect($comment->canEdit())->toBeFalse();
-});
-
-test('it does not allow guests to edit', function () {
-    $author = User::factory()->create();
-    $post = Post::factory()->create();
-    $comment = $post->comment('This is a test comment', $author);
-
-    Config::resolveAuthenticatedUserUsing(fn () => null);
-
-    expect($comment->canEdit())->toBeFalse();
-});
-
-test('it allows comment author to delete by default', function () {
-    $author = User::factory()->create();
-    $post = Post::factory()->create();
-    $comment = $post->comment('This is a test comment', $author);
-
-    Config::resolveAuthenticatedUserUsing(fn () => $author);
-
-    expect($comment->canDelete())->toBeTrue();
-});
-
-test('it does not allow non-authors to delete by default', function () {
-    $user = User::factory()->create();
-    $author = User::factory()->create();
-    $post = Post::factory()->create();
-    $comment = $post->comment('This is a test comment', $author);
-
-    Config::resolveAuthenticatedUserUsing(fn () => $user);
-
-    expect($comment->canDelete())->toBeFalse();
-});
-
-test('it does not allow guests to delete', function () {
-    $author = User::factory()->create();
-    $post = Post::factory()->create();
-    $comment = $post->comment('This is a test comment', $author);
-
-    Config::resolveAuthenticatedUserUsing(fn () => null);
-
-    expect($comment->canDelete())->toBeFalse();
-});